Resilient Security Architecture: A Complementary Approach to Reducing Vulnerabilities
July-Aug. 2011 (vol. 9 no. 4)
pp. 80-84
John Diamant, Hewlett-Packard
The software industry would be better off with more emphasis on early-lifecycle security—avoiding security mistakes in the first place. That means security requirements analysis and architecting or designing security in, an approach that's rare but that provides substantial benefits.

Index Terms:
software development, HP Comprehensive Applications Threat Analysis, W. Edwards Deming, security vulnerabilities, dynamic application security testing, static application security testing, security requirements gap analysis, architectural threat analysis, security quality, zero day, 0-day, security and privacy
John Diamant, "Resilient Security Architecture: A Complementary Approach to Reducing Vulnerabilities," IEEE Security & Privacy, vol. 9, no. 4, pp. 80-84, July-Aug. 2011, doi:10.1109/MSP.2011.88